Vulnerabilities > Gitlab > Gitlab > 8.3.8

DATE CVE VULNERABILITY TITLE RISK
2017-05-04 CVE-2017-8778 Cross-site Scripting vulnerability in Gitlab
GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.
network
gitlab CWE-79
4.3
4.3
2017-03-28 CVE-2017-0882 Information Exposure vulnerability in Gitlab
Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request.
network
low complexity
gitlab CWE-200
4.0
4.0
2017-01-23 CVE-2016-4340 Permissions, Privileges, and Access Controls vulnerability in Gitlab
The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors.
network
low complexity
gitlab CWE-264
6.5
6.5